--[ A huge list of links ]

A shitload of links.

https://dev.windows.com/en-us/microsoft-edge/tools/vms/windows/ – Windows VMs Microsoft offers 90 day trial VMs for people to test IE versions 6-Edge browser. You can Download XP, Vista, 7, 8, 8.1, and 10 to try out. They also have these operating systems packaged up for VirtualBox, Vagrant, HyperV, VPC, and VMware for a no fuss approach. Just download whatever OS you want to play with, and load it on up.
https://www.infosecindustry.com/ – This place has it all: Alerts, News, Podcasts, Videos, Etc. It’s like a dashboard to the InfoSec world. It makes a good home page.
http://securityweekly.com/ – This is a great video/audio podcast/livestream to learn about InfoSec news and what fellow hackers are doing on a weekly basis. Paul has been doing this show for a few years, and has many interesting guests on his show. They love to have a few drinks (and Cigars) and talk about InfoSec. The most entertaining show about Security I’ve ever listened to.
http://www.TWiT.tv – Great place to start if you are just wanting to listen/watch to tech news on a daily basis. They have tons of shows from beginner to shows about technology law. It’s a good place to start learning about all kinds of different tech stuff. (Before I got started into InfoSec, this was the place that I went to get familiar with tech terms and learn about current issues and events in the tech world.)
http://www.Shodan.io – This site is really useful for all kinds of reasons. Shodan is the world’s first search engine for Internet-connected devices. It also turns out that if you send an email (to jmath@shodan.io) from an EDU account letting them know you are a student and your trial account login name, they will upgrade your account to a full membership for free. (Thanks again John Matherly for the info and the upgrade!)
https://haveibeenpwned.com/ – Another pretty cool site where you can check an email address to see if it has been listed in any major breaches. You can also use their API to create your own stuff and do more creative searches. They also have the ability to search across a whole domain for breached accounts, but you have to verify that you own that domain, of course.
https://www.censys.io/tutorial – Censys is a search engine that enables researchers to ask questions about the hosts and networks that compose the Internet.
https://letsencrypt.org/ – Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).
https://ninite.com/ – Great for getting many of the tools you need when you rebuild machines. It installs and updates all of your needed programs all at once for you so you don’t have to go get them individually.
https://wigle.net/ – This site is dedicated to wireless network discovery and recon. You can go to an area on the map and see what Wifi SSIDs have been discovered by wardrivers. Pretty sweet!
https://www.calm.com/ – Because sometimes you just want/need to chill out after a long day. =)
https://www.corelan.be/index.php/2015/10/13/how-to-become-a-pentester/

### Video Training /Training Sites:
===========================================================
http://www.Cybrary.IT – There can be only one!
http://www.irongeek.com/ – I am making this bold, because if you don’t know about this, you really need to check this out. This is the BEST place to watch all of the Conference videos. Whether you want to watch a talk from the last Derbycon, or the last B-Sides in whatever city you prefer. I cannot recommend this enough. Thank you IronGeek for your hard work! Give him a follow on Twitter at @irongeek_adc!
Offensive Security – https://www.offensive-security.com
FSU Offensive Computer Security Course – https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html
http://www.Skillset.com – This place has free practice tests. You can subscribe for money, but I would say its not really worth it. It was better when it was all free.
https://open.hpi.de/news#post_42a41551-8ed6-47ea-bec6-ce7d3a030fff
https://pentesterlab.com/ – Great place to lean Web Penetration testing.
http://www.cicentre.com/ – The Center for Counterintelligence and Security Studies
Strategic Security videos http://strategicsec.com/services/training-services/videos/
OCW Electrical Engineering & CompSci Courses – http://ocw.mit.edu/courses/electrical-engineering-and-computer-science/
http://www.hackernews.com/
http://www.youtube.com/user/ChRiStIaAn008
Codeacademy (Teaches how to code in many languages!)- https://www.codecademy.com/
W3schools (Another great site to learn programming languages) http://www.w3schools.com/
RubyMonk (A gentle, interactive introduction to programming in Ruby) http://rubymonk.com/
Code.org (Great resource for children wanting to learn computer science!) – https://code.org/


### Conferences/archives
===========================================================
Conference calendar: https://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK
https://www.defcon.org/ – The one and only crazy convention.
http://www.securitybsides.com/
https://www.blackhat.com/
https://conference.hitb.org/
http://www.infosecurityeurope.com/
http://infosecworld.misti.com/
https://www.sans.org/
http://shmoocon.org/
http://www.messefrankfurt.com/
https://deepsec.net/

Then there are all of the City Cons:
Archives:
http://www.Derbycon.com – Although this is technically a City Con, this is the place all of the major InfoSec guys go to after DefCon to hang out in a family atmosphere. I have had such a great time at Derby talking to some of the most influential people in the Security industry. Everyone is so friendly, and you don’t really have to worry about getting popped because there is an unspoken agreement to not do that kind of thing (family do not hack family).
https://circlecitycon.com/
http://skydogcon.blogspot.com/
http://www.archc0n.org/
http://showmecon.com/
http://www.irongeek.com/ – IronGeek the biggest and baddest archive of convention talks
http://www.securitytube.net/
https://infocon.org/ – InfoCon is a community supported, non-commercial archive of all the past hacking related convention material that can be found.
YouTube Channels of Conferences:
DEFCONConference – https://www.youtube.com/user/DEFCONConference/playlists
Shmoocon 2016 – https://www.youtube.com/playlist?list=PLJgHiyD1pZg70X3X3zjmdmZg3u0eqDFJ4
RSA Conference – https://www.youtube.com/channel/UCYzwGkfOqrevO-4TuTjPLwQ
Black Hat – https://www.youtube.com/user/BlackHatOfficialYT/playlists
Derbycon 5 – https://www.youtube.com/playlist?list=PLNhlcxQZJSm8cr3iBN27VZ4Rm11Erbae
http://www.youtube.com/user/HackingCons


### Lock Sport / Lock Picking / Lock Smithing
===========================================================
Want to learn? (Taught by the man, the myth, the legend)- http://www.irongeek.com/i.php?page=videos/aide2015/quick-intro-to-lock-picking-adrian-crenshaw
An interesting Challenge lock – http://learnlockpicking.com/
One of the cheapest places I’ve found Security pins – http://www.clksupplies.com/
These guys are a lot of fun (Check them out at DerbyCon!) – http://www.bloomingtonfools.org/
Peterson Lock Picks – https://www.thinkpeterson.com/
Sparrows Lock Picks – http://www.sparrowslockpicks.com/
Another Pick Selling site – https://www.lockpickshop.com/


### Various electronics/shops to buy tools/gadgets
===========================================================
http://hakshop.myshopify.com/ – Hak5 is pretty well known for the Wifi Pineapple and USB Rubber ducky.
http://hackerwarehouse.com/ – They sell tons of good stuff
While it’s not specific to hacking per se, this site has a list of daily deals that often have really cool things for sale – http://deals.kinja.com/
Some Cool Tech – http://theawesomer.com/category/tech/
Spy Shop – http://www.spyshop.co.uk/
Spy Gadgets – https://www.spygadgets.com/
Gadgets+gear – https://gadgetsandgear.com/security-and-spy/
Spy Emporium – http://www.spyemporium.com/audio-spying-surveillance-equipment.html
Information Unlimited (Crazy Stuff to Buy) http://www.amazing1.com/
Wall of Sheep (All Kinds of Good Stuff) – http://www.wallofsheep.com/
Micro drone with camera – http://www.micro-drone.co.uk/shop/
1BitSquared (super tiny drones) – http://1bitsquared.com/
“Camping” tents (RF Shielded Tents) – http://www.ramayes.com/rf_shielded_tents.htm
KillerUSB (Destroys USB Ports On Computers) – http://kukuruku.co/hub/diy/usb-killer


### Blogs & Resource Sites of Individuals
=========================================================
G0tmi1k – https://blog.g0tmi1k.com/
Lesley Carhart Blog – http://tisiphone.net/
Samy Kamkar Blog – http://samy.pl/
Raphael Mudge – http://blog.cobaltstrike.com/
Fernando Magro Blog – http://fernandomagro.com/category/security/
Bruce Schneier Blog (IT Security “guru”) – https://www.schneier.com
Nicolas Seriot resource site – http://seriot.ch/
Jonathan Salwan (shell-storm) blog – http://shell-storm.org/
Carlos Perez (DarkOperator) – http://www.darkoperator.com/
Brian Krebs – http://krebsonsecurity.com/
H legacy blog – http://www.h-online.com/
Zdziarski’s Blog – http://www.zdziarski.com/blog/?cat=8
IceRocket (allows users to search Blogs, Tweets, news, images etc. all from one page) – http://www.icerocket.com/
Daniel Blog Miessler – https://danielmiessler.com/information-security/
Rootshell Blog – http://www.rootsh3ll.com/
Sjoerd Langkemper Blog – http://www.sjoerdlangkemper.nl/
Malware Jake Blog – http://malwarejake.blogspot.com
Rich Perkins/Mike Tassey – https://rabbit-hole.org/
Social Engineer Blog – http://www.social-engineer.org/blog/
Didier Stevens – http://blog.didierstevens.com/
Room362.com – Blog – http://www.room362.com/
Blogs | The Honeynet Project – https://www.honeynet.org/
n0security – http://n0security.blogspot.com/
Gentil Kiwi – http://blog.gentilkiwi.com/
http://www.n0where.net
http://carnal0wnage.blogspot.com/
http://www.mcgrewsecurity.com/
http://www.gnucitizen.org/blog/
http://www.darknet.org.uk/
http://spylogic.net/
http://taosecurity.blogspot.com/
http://www.room362.com/
http://blog.sipvicious.org/
http://blog.portswigger.net/
http://pentestmonkey.net/blog/
http://jeremiahgrossman.blogspot.com/
http://i8jesus.com/
http://blog.c22.cc/
http://www.skullsecurity.org/blog/
http://blog.metasploit.com/
http://www.darkoperator.com/
http://blog.skeptikal.org/
http://preachsecurity.blogspot.com/
http://www.tssci-security.com/
http://www.gdssecurity.com/l/b/
http://websec.wordpress.com/
http://bernardodamele.blogspot.com/
http://laramies.blogspot.com/
http://www.spylogic.net/
http://blog.andlabs.org/
http://xs-sniper.com/blog/
http://www.commonexploits.com/
http://www.sensepost.com/blog/
http://wepma.blogspot.com/
http://exploit.co.il/
http://securityreliks.wordpress.com/
http://www.madirish.net/index.html
http://sirdarckcat.blogspot.com/
http://reusablesec.blogspot.com/
http://myne-us.blogspot.com/
http://www.notsosecure.com/
http://blog.spiderlabs.com/
http://www.corelan.be/
http://www.digininja.org/
http://www.pauldotcom.com/
http://www.attackvector.org/
http://deviating.net/
http://www.alphaonelabs.com/
http://www.smashingpasswords.com/
http://wirewatcher.wordpress.com/
http://gynvael.coldwind.pl/
http://www.nullthreat.net/
http://www.question-defense.com/
http://archangelamael.blogspot.com/
http://memset.wordpress.com/
http://sickness.tor.hu/
http://punter-infosec.com/
http://www.securityninja.co.uk/
http://securityandrisk.blogspot.com/
http://esploit.blogspot.com/
http://www.pentestit.ru


### Forums
===========================================================
https://www.cybrary.it/forums/
http://sla.ckers.org/forum/index.php
http://www.ethicalhacker.net/
http://www.backtrack-linux.org/forums/
http://www.elitehackers.info/forums/
http://www.hackthissite.org/forums/index.php
http://securityoverride.com/forum/index.php
http://www.iexploit.org/
http://bright-shadows.net/
http://www.governmentsecurity.org/forum/
http://forum.intern0t.net/
https://www.reddit.com/r/netsec/


### Intrusion Detection/Intrusion Prevention Information
===========================================================
https://security-onion-solutions.github.io/security-onion/ – Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!


### Penetration Testing
===========================================================
Tools:
Armitage – http://www.fastandeasyhacking.com/
Cobalt Strike – https://www.cobaltstrike.com/
Charles HTTP proxy/monitor https://www.charlesproxy.com/
EyeWitness – https://github.com/ChrisTruncer/EyeWitness
SSL Labs – https://www.ssllabs.com/ssltest/
Sec tool market http://www.sectoolmarket.com/price-and-feature-comparison-of-web-application-scanners-unified-list.html
Firefox 68 Add-ons for Web Application Security Penetration Testing https://addons.mozilla.org/en-US/firefox/collections/adammuntner/webappsec/
OWASP Mantra tools https://www.getmantra.com/tools.html
OWASP Zed Attack Proxy (ZAP) https://github.com/zaproxy/zaproxy
Top 125 Network Security Tools http://sectools.org/tag/vuln-scanners/
BeEF framework http://beefproject.com/
Moocherhunter http://securitystartshere.org/page-training-oswa-assistant.htm#moocherhunter
Kali Linux Tools Listing http://tools.kali.org/tools-listing
Vega https://subgraph.com/vega/
Wifite – https://github.com/derv82/wifite
URLQuery – http://urlquery.net/
http://www.edge-security.com/theHarvester.php
http://www.mavetju.org/unix/dnstracer-man.php
http://www.paterva.com/web5/

References:
Common Vulnerabilities and Exposures List https://cve.mitre.org/
http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
http://h.ackack.net/cheat-sheets/netcat

Methodologies:
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://www.pentest-standard.org/index.php/Main_Page
http://projects.webappsec.org/w/page/13246978/Threat-Classification
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
http://www.social-engineer.org/

Exploits and Advisories:
http://www.exploit-db.com/
http://www.cvedetails.com/
http://www.packetstormsecurity.org/
http://www.securityforest.com/wiki/index.php/Main_Page
http://www.securityfocus.com/bid
http://nvd.nist.gov/
http://osvdb.org/
http://www.nullbyte.org.il/Index.html
http://secdocs.lonerunners.net/
http://www.phenoelit-us.org/whatSAP/index.html
http://secunia.com/
http://cve.mitre.org/

Cheatsheets and Syntax:
http://cirt.net/ports_dl.php?export=services
http://www.cheat-sheets.org/
http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/

Agile Hacking:
http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/
http://blog.commandlinekungfu.com/
http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/
http://isc.sans.edu/diary.html?storyid=2376
http://isc.sans.edu/diary.html?storyid=1229
http://ss64.com/nt/
http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html
http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/
http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst
http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf
http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507
http://www.pentesterscripting.com/
http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583
http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf

OS and Scripts:
http://en.wikipedia.org/wiki/IPv4_subnetting_reference
http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
http://shelldorado.com/shelltips/beginner.html
http://www.linuxsurvival.com/
http://mywiki.wooledge.org/BashPitfalls
http://rubular.com/
http://www.iana.org/assignments/port-numbers
http://www.robvanderwoude.com/ntadmincommands.php
http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/

Distros:
http://www.backtrack-linux.org/
http://www.matriux.com/
http://samurai.inguardians.com/
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
https://pentoo.ch/
http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html
http://www.piotrbania.com/all/kon-boot/
http://www.linuxfromscratch.org/
http://sumolinux.suntzudata.com/
http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments
http://www.backbox.org/

Test Sites:
http://www.webscantest.com/
http://crackme.cenzic.com/Kelev/view/home.php
http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
http://testaspnet.vulnweb.com/
http://testasp.vulnweb.com/
http://testphp.vulnweb.com/
http://demo.testfire.net/
http://hackme.ntobjectives.com/

Exploitation Intro:
http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
http://www.mgraziano.info/docs/stsi2010.pdf
http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/
http://www.ethicalhacker.net/content/view/122/2/
http://code.google.com/p/it-sec-catalog/wiki/Exploitation
http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
http://ref.x86asm.net/index.html

Powershell Based Exploitation
https://github.com/PowerShellMafia/PowerSploit
https://github.com/samratashok/nishang
http://www.powershellempire.com/
http://blog.harmj0y.net/

Passwords and Hashes:
http://www.irongeek.com/i.php?page=videos/password-exploitation-class
http://cirt.net/passwords
http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html
http://www.foofus.net/~jmk/medusa/medusa-smbnt.html
http://www.foofus.net/?page_id=63
http://hashcrack.blogspot.com/
http://www.nirsoft.net/articles/saved_password_location.html
http://www.onlinehashcrack.com/
http://www.md5this.com/list.php?
http://www.virus.org/default-password
http://www.phenoelit-us.org/dpl/dpl.html
http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html

Wordlists:
http://contest.korelogic.com/wordlists.html
http://packetstormsecurity.org/Crackers/wordlists/
http://www.skullsecurity.org/wiki/index.php/Passwords
http://www.ericheitzman.com/passwd/passwords/

Pass the Hash:
http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283
http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219
http://carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html

MiTM:
http://www.giac.org/certified_professionals/practicals/gsec/0810.php
http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf
http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data
http://www.mindcenter.net/uploads/ECCE101.pdf
http://toorcon.org/pres12/3.pdf
http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf
http://packetstormsecurity.org/papers/wireless/cracking-air.pdf
http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
http://www.oact.inaf.it/ws-ssri/Costa.pdf
http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf
http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf
http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf
http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf
http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf
http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf
http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf
http://articles.manugarg.com/arp_spoofing.pdf
http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
http://www.ucci.it/docs/ICTSecurity-2004-26.pdf
http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf
http://blog.spiderlabs.com/2010/12/thicknet.html
http://www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-browser_autopwn/
http://www.go4expert.com/forums/showthread.php?t=11842
http://www.irongeek.com/i.php?page=security/ettercapfilter
http://openmaniak.com/ettercap_filter.php
http://www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming
http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate
http://www.irongeek.com/i.php?page=videos/ettercapfiltervid1
http://spareclockcycles.org/2010/06/10/sergio-proxy-released/

Metadata:
http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974
http://lcamtuf.coredump.cx/strikeout/
http://www.sno.phy.queensu.ca/~phil/exiftool/
http://www.edge-security.com/metagoofil.php
http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html

Google Hacking:
http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads
http://sqid.rubyforge.org/#next
http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html

Web:
http://www.bindshell.net/tools/beef
http://blindelephant.sourceforge.net/
http://xsser.sourceforge.net/
http://sourceforge.net/projects/rips-scanner/
http://www.divineinvasion.net/authforce/
http://andlabs.org/tools.html#sotf
http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf
http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html
http://code.google.com/p/pinata-csrf-tool/
http://xsser.sourceforge.net/#intro
http://www.contextis.co.uk/resources/tools/clickjacking-tool/
http://packetstormsecurity.org/files/view/69896/unicode-fun.txt
http://sourceforge.net/projects/ws-attacker/files/
https://github.com/koto/squid-imposter

Attack Strings:
http://code.google.com/p/fuzzdb/
http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements

Shells:
http://sourceforge.net/projects/yokoso/
http://sourceforge.net/projects/ajaxshell/

Scanners:
http://w3af.sourceforge.net/
http://code.google.com/p/skipfish/
http://sqlmap.sourceforge.net/
http://sqid.rubyforge.org/#next
http://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
http://code.google.com/p/fimap/wiki/WindowsAttack
http://code.google.com/p/fm-fsf/

Proxies:
http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214
http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/
http://sourceforge.net/projects/belch/files/
http://www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools
http://blog.ombrepixel.com/
http://andlabs.org/tools.html#dser
http://feoh.tistory.com/22
http://www.sensepost.com/labs/tools/pentest/reduh
http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
http://intrepidusgroup.com/insight/mallory/
http://www.fiddler2.com/fiddler2/
http://websecuritytool.codeplex.com/documentation?referringTitle=Home
http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1

Social Engineering:
https://www.youtube.com/watch?v=LMu_md_5PQ4 – Pretty good lecture on Charisma
http://modernmachiavelli.com/psychological-manipulation-techniques/ – Large list of techniques.
https://www.helpnetsecurity.com/2016/05/19/social-engineer/ – Great Article on Jayson E. Street
http://www.secmaniac.com/
https://www.phishingfrenzy.com/
For those who have trouble with setting up Phishing Frenzy, one way is through using ansible – https://github.com/justinhohner/ansible-phishing-frenzy)
SatoriPrime Podcast three part breakdown of Joe Navarro’s book “What every body is saying.”
Part 1: – https://www.youtube.com/watch?v=cGZTa8fZbuU
Part 2: – https://www.youtube.com/watch?v=hCUKNiHDHhQ
Part 3: – https://www.youtube.com/watch?v=tOVPqgKnbw8
Quick reference sheet on the subject of body language:
http://www.ohiotesolmoodle.org/2010/handouts/f/f60_What%20every%20Body%20is%20saying.pdf

Password:
http://nmap.org/ncrack/
http://www.foofus.net/~jmk/medusa/medusa.html
http://www.openwall.com/john/
http://ophcrack.sourceforge.net/
http://blog.0x3f.net/tool/keimpx-in-action/
http://code.google.com/p/keimpx/
http://sourceforge.net/projects/hashkill/

Metasploit:
http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
http://code.google.com/p/msf-hack/wiki/WmapNikto
http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
http://seclists.org/metasploit/
http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html
http://meterpreter.illegalguy.hostzi.com/
http://blog.metasploit.com/2010/03/automating-metasploit-console.html
http://www.workrobot.com/sansfire2009/561.html
http://www.securitytube.net/video/711
http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download
http://milo2012.wordpress.com/2009/09/27/xlsinjector/
http://www.fastandeasyhacking.com/
http://trac.happypacket.net/
http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf
http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf

MSF Exploits or Easy:
http://www.nessus.org/plugins/index.php?view=single&id=12204
http://www.nessus.org/plugins/index.php?view=single&id=11413
http://www.nessus.org/plugins/index.php?view=single&id=18021
http://www.nessus.org/plugins/index.php?view=single&id=26918
http://www.nessus.org/plugins/index.php?view=single&id=34821
http://www.nessus.org/plugins/index.php?view=single&id=22194
http://www.nessus.org/plugins/index.php?view=single&id=34476
http://www.nessus.org/plugins/index.php?view=single&id=25168
http://www.nessus.org/plugins/index.php?view=single&id=19408
http://www.nessus.org/plugins/index.php?view=single&id=21564
http://www.nessus.org/plugins/index.php?view=single&id=10862
http://www.nessus.org/plugins/index.php?view=single&id=26925
http://www.nessus.org/plugins/index.php?view=single&id=29314
http://www.nessus.org/plugins/index.php?view=single&id=23643
http://www.nessus.org/plugins/index.php?view=single&id=12052
http://www.nessus.org/plugins/index.php?view=single&id=12052
http://www.nessus.org/plugins/index.php?view=single&id=34477
http://www.nessus.org/plugins/index.php?view=single&id=15962
http://www.nessus.org/plugins/index.php?view=single&id=42106
http://www.nessus.org/plugins/index.php?view=single&id=15456
http://www.nessus.org/plugins/index.php?view=single&id=21689
http://www.nessus.org/plugins/index.php?view=single&id=12205
http://www.nessus.org/plugins/index.php?view=single&id=22182
http://www.nessus.org/plugins/index.php?view=single&id=26919
http://www.nessus.org/plugins/index.php?view=single&id=26921
http://www.nessus.org/plugins/index.php?view=single&id=21696
http://www.nessus.org/plugins/index.php?view=single&id=40887
http://www.nessus.org/plugins/index.php?view=single&id=10404
http://www.nessus.org/plugins/index.php?view=single&id=18027
http://www.nessus.org/plugins/index.php?view=single&id=19402
http://www.nessus.org/plugins/index.php?view=single&id=11790
http://www.nessus.org/plugins/index.php?view=single&id=12209
http://www.nessus.org/plugins/index.php?view=single&id=10673

NSE:
http://www.securitytube.net/video/931
http://nmap.org/nsedoc/

Net Scanners and Scripts:
http://nmap.org/
http://asturio.gmxhome.de/software/sambascan2/i.html
http://www.softperfect.com/products/networkscanner/
http://www.openvas.org/
http://tenable.com/products/nessus
http://www.rapid7.com/vulnerability-scanner.jsp
http://www.eeye.com/products/retina/community

Post Exploitation:
http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
http://www.phx2600.org/archive/2008/08/29/metacab/
http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html

Netcat:
http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html
http://www.radarhack.com/tutorial/ads.pdf
http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf
http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
http://www.dest-unreach.org/socat/
http://www.antionline.com/archive/index.php/t-230603.html
http://technotales.wordpress.com/2009/06/14/netcat-tricks/
http://seclists.org/nmap-dev/2009/q1/581
http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/
http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
http://gse-compliance.blogspot.com/2008/07/netcat.html

Source Inspection:
http://www.justanotherhacker.com/projects/graudit.html
http://code.google.com/p/javasnoop/

Firefox Addons:
https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8
https://addons.mozilla.org/en-US/firefox/addon/osvdb/
https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/
https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/
https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/
https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/
https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/
https://addons.mozilla.org/en-US/firefox/addon/hackbar/

Tool Listings:
http://packetstormsecurity.org/files/tags/tool
http://tools.securitytube.net/index.php?title=Main_Page

Training/Tutorials/Classes:
http://fuzzysecurity.com/tutorials.html
http://pentest.cryptocity.net/
http://www.irongeek.com/i.php?page=videos/network-sniffers-class
http://samsclass.info/124/124_Sum09.shtml
http://www.cs.ucsb.edu/~vigna/courses/cs279/
http://crypto.stanford.edu/cs142/
http://crypto.stanford.edu/cs155/
http://cseweb.ucsd.edu/classes/wi09/cse227/
http://www-inst.eecs.berkeley.edu/~cs161/sp11/
http://security.ucla.edu/pages/Security_Talks
http://www.cs.rpi.edu/academics/courses/spring10/csci4971/
http://cr.yp.to/2004-494.html
http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
http://stuff.mit.edu/iap/2009/#websecurity

Metasploit:
http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
http://www.irongeek.com/i.php?page=videos/metasploit-class
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/
http://www.ustream.tv/recorded/13396511
http://www.ustream.tv/recorded/13397426
http://www.ustream.tv/recorded/13398740

Programming:
Python:
http://code.google.com/edu/languages/google-python-class/index.html
http://www.swaroopch.com/notes/Python_en:Table_of_Contents
http://www.thenewboston.com/?cat=40&pOpen=tutorial
http://showmedo.com/videotutorials/python
http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/
Ruby:
http://www.tekniqal.com/

Other Misc:
http://www.cs.sjtu.edu.cn/~kzhu/cs490/
https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/
http://i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/
http://resources.infosecinstitute.com/
http://vimeo.com/user2720399

Web Vectors
SQLi:
http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
http://isc.sans.edu/diary.html?storyid=9397
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
http://www.evilsql.com/main/index.php
http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html
http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections
http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
http://sqlzoo.net/hack/
http://www.sqlteam.com/article/sql-server-versions
http://www.krazl.com/blog/?p=3
http://www.owasp.org/index.php/Testing_for_MS_Access
http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html
http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html

Joe McCray – Advanced SQL Injection – LayerOne 2009
http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf
http://sla.ckers.org/forum/read.php?24,33903
http://websec.files.wordpress.com/2010/11/sqli2.pdf
http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
http://ha.ckers.org/sqlinjection/
http://lab.mediaservice.net/notes_more.php?id=MSSQL

Upload Tricks:
http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972
http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html
http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/
http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/
http://www.ravenphpscripts.com/article2974.html
http://www.acunetix.com/cross-site-scripting/scanner.htm
http://www.vupen.com/english/advisories/2009/3634
http://msdn.microsoft.com/en-us/library/aa478971.aspx
http://dev.tangocms.org/issues/237
http://seclists.org/fulldisclosure/2006/Jun/508
http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/
http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html
http://shsc.info/FileUploadSecurity

LFI/RFI:
http://pastie.org/840199
http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter
http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/
http://www.digininja.org/blog/when_all_you_can_do_is_read.php

XSS:
http://www.infosecwriters.com/hhworld/hh8/csstut.htm
http://www.technicalinfo.net/papers/CSS.html
http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html
https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf
http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html
http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/
http://heideri.ch/jso/#javascript
http://www.reddit.com/r/xss/
http://sla.ckers.org/forum/list.php?2

Coldfusion:
http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
http://zastita.com/02114/Attacking_ColdFusion..html
http://www.nosec.org/2010/0809/629.html
http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964
http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf

Sharepoint:
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678

Lotus:
http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security
http://seclists.org/pen-test/2002/Nov/43
http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?
JBoss:
http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html

VMWare Web:
http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav

Oracle App Servers:
http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html
http://www.owasp.org/index.php/Testing_for_Oracle
http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx
http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx
http://www.ngssoftware.com/papers/hpoas.pdf

SAP:
http://www.onapsis.com/research.html#bizploit
http://marc.info/?l=john-users&m=121444075820309&w=2
http://www.phenoelit-us.org/whatSAP/index.html

Wireless:
http://code.google.com/p/pyrit/


### Vulnerable Web Applications
===========================================================
OWASP BWA http://code.google.com/p/owaspbwa/
OWASP Hackademic http://hackademic1.teilar.gr/
OWASP SiteGenerator https://www.owasp.org/index.php/Owasp_SiteGenerator
OWASP Bricks http://sourceforge.net/projects/owaspbricks/
OWASP Security Shepherd https://www.owasp.org/index.php/OWASP_Security_Shepherd
Damn Vulnerable Web App (DVWA) http://www.dvwa.co.uk/
Damn Vulnerable Web Services (DVWS) http://dvws.professionallyevil.com/
WebGoat.NET https://github.com/jerryhoff/WebGoat.NET/
PentesterLab https://pentesterlab.com/
Butterfly Security Project http://thebutterflytmp.sourceforge.net/
Foundstone Hackme Bank http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Foundstone Hackme Books http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Foundstone Hackme Casino http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Foundstone Hackme Shipping http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Foundstone Hackme Travel http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
LAMPSecurity http://sourceforge.net/projects/lampsecurity/
Moth http://www.bonsai-sec.com/en/research/moth.php
WackoPicko https://github.com/adamdoupe/WackoPicko
BadStore http://www.badstore.net/
WebSecurity Dojo http://www.mavensecurity.com/web_security_dojo/
BodgeIt Store http://code.google.com/p/bodgeit/
hackxor http://hackxor.sourceforge.net/cgi-bin/index.pl
SecuriBench http://suif.stanford.edu/~livshits/securibench/
SQLol https://github.com/SpiderLabs/SQLol
CryptOMG https://github.com/SpiderLabs/CryptOMG
XMLmao https://github.com/SpiderLabs/XMLmao
Exploit KB Vulnerable Web App http://exploit.co.il/projects/vuln-web-app/
PHDays iBank CTF http://blog.phdays.com/2012/05/once-again-about-remote-banking.html
GameOver http://sourceforge.net/projects/null-gameover/
Zap WAVE http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip
PuzzleMall http://code.google.com/p/puzzlemall/
VulnApp http://www.nth-dimension.org.uk/blog.php?id=88
sqli-labs https://github.com/Audi-1/sqli-labs
Drunk Admin Web Hacking Challenge https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/
bWAPP http://www.mmeit.be/bwapp/
http://sourceforge.net/projects/bwapp/files/bee-box/
NOWASP / Mutillidae 2 http://sourceforge.net/projects/mutillidae/
SocketToMe http://digi.ninja/projects/sockettome.php
WAVSEP https://github.com/sectooladdict/wavsep
http://www.oldapps.com/
http://www.oldversion.com/
http://www.exploit-db.com/webapps/
http://code.google.com/p/wavsep/downloads/list
http://www.owasp.org/index.php/Owasp_SiteGenerator
http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx


### Vulnerable Operating System Installations
===========================================================
https://exploit-exercises.com – A great VM/Tutorial site.
http://www.vulnhub.com – good place to find vulnerable VMs to load up and practice hacking (a must have for lab building)
Damn Vulnerable Linux http://sourceforge.net/projects/virtualhacking/files/os/dvl/
Metasploitable http://sourceforge.net/projects/virtualhacking/files/os/metasploitable/
LAMPSecurity http://sourceforge.net/projects/lampsecurity/
UltimateLAMP http://www.amanhardikar.com/mindmaps/practice-links.html
heorot: DE-ICE, hackerdemia http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso
http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso
http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso
hackerdemia – http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso
pWnOS http://www.pwnos.com/
Holynix http://sourceforge.net/projects/holynix/files/
Kioptrix http://www.kioptrix.com/blog/
exploit-exercises – nebula, protostar, fusion http://exploit-exercises.com/download
PenTest Laboratory http://pentestlab.org/lab-in-a-box/
RebootUser Vulnix http://www.rebootuser.com/?page_id=1041
neutronstar http://neutronstar.org/goatselinux.html
scriptjunkie.us http://www.scriptjunkie.us/2012/04/the-hacker-games/
21LTR http://21ltr.com/scenes/
SecGame # 1: Sauron http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html
Pentester Lab https://www.pentesterlab.com/exercises
Vulnserver http://www.thegreycorner.com/2010/12/introducing-vulnserver.html
TurnKey Linux http://www.turnkeylinux.org/
Bitnami https://bitnami.com/stacks
Elastic Server http://elasticserver.com
CentOS http://www.centos.org/
http://sourceforge.net/projects/websecuritydojo/
http://code.google.com/p/owaspbwa/wiki/ProjectSummary
http://heorot.net/livecds/
http://informatica.uv.es/~carlos/docencia/netinvm/
http://www.bonsai-sec.com/en/research/moth.php
http://blog.metasploit.com/2010/05/introducing-metasploitable.html
http://pynstrom.net/holynix.php
http://gnacktrack.co.uk/download.php
http://sourceforge.net/projects/lampsecurity/files/
https://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html
http://sourceforge.net/projects/virtualhacking/files/
http://www.badstore.net/
http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
http://www.dvwa.co.uk/
http://sourceforge.net/projects/thebutterflytmp/


### Sites for Downloading Older Versions of Various Software
===========================================================
Exploit-DB http://www.exploit-db.com/
Old Version http://www.oldversion.com/
Old Apps http://www.oldapps.com/
VirtualHacking Repo http://www.sourceforge.net/projects/virtualhacking/files/apps%40realworld/


### Sites by Vendors of Security Testing Software
===========================================================
Acunetix acuforum http://testasp.vulnweb.com/
Acunetix acublog http://testaspnet.vulnweb.com/
Acunetix acuart http://testphp.vulnweb.com/
Cenzic crackmebank http://crackme.cenzic.com
HP freebank http://zero.webappsecurity.com
IBM altoromutual http://demo.testfire.net/
Mavituna testsparker http://aspnet.testsparker.com
Mavituna testsparker http://php.testsparker.com
NTOSpider Test Site http://www.webscantest.com/
Subgraph open source security company https://subgraph.com/


### Sites for Improving Your Hacking Skills
===========================================================
Hackthebox https://hackthebox.eu/


Exploit Exercises http://exploit-exercises.com/
Google Gruyere http://google-gruyere.appspot.com/
Gh0st Lab http://www.gh0st.net/
Hack This Site http://www.hackthissite.org/
HackThis http://www.hackthis.co.uk/
HackQuest http://www.hackquest.com/
Hack.me https://hack.me
Hacking-Lab https://www.hacking-lab.com
Hacker Challenge http://www.dareyourmind.net/
Hacker Test http://www.hackertest.net/
hACME Game http://www.hacmegame.org/
Hax.Tor http://hax.tor.hu/
OverTheWire http://www.overthewire.org/wargames/
PentestIT http://www.pentestit.ru/en/
pwn0 https://pwn0.com/home.php
RootContest http://rootcontest.com/
Root Me http://www.root-me.org/?lang=en
Security Treasure Hunt http://www.securitytreasurehunt.com/
Smash The Stack http://www.smashthestack.org/
TheBlackSheep and Erik http://www.bright-shadows.net/
ThisIsLegal http://thisislegal.com/
Try2Hack http://www.try2hack.nl/
WabLab http://www.wablab.com/hackme
XSS: Can You XSS This? http://canyouxssthis.com/HTMLSanitizer/
XSS: ProgPHP http://xss.progphp.com/


### CTF Sites / Archives
===========================================================
CTFtime (Details of CTF Challenges) http://ctftime.org/ctfs/
shell-storm Repo – http://shell-storm.org/repo/CTF/
CAPTF Repo – http://captf.com/
Organizing CTF Events:
https://github.com/pwning/docs/blob/master/suggestions-for-running-a-ctf.markdown
https://trailofbits.github.io/ctf/
http://captf.com/
https://www.wechall.net/
https://ctftime.org/
http://intruded.net/
http://smashthestack.org/
http://flack.hkpco.kr/
http://ctf.hcesperer.org/
http://ictf.cs.ucsb.edu/
http://capture.thefl.ag/calendar/
https://github.com/facebook/fbctf


### Mobile Apps
===========================================================
ExploitMe Mobile Android Labs http://securitycompass.github.io/AndroidLabs/
ExploitMe Mobile iPhone Labs http://securitycompass.github.io/iPhoneLabs/
OWASP iGoat http://code.google.com/p/owasp-igoat/
OWASP Goatdroid https://github.com/jackMannino/OWASP-GoatDroid-Project
Damn Vulnerable iOS App (DVIA) http://damnvulnerableiosapp.com/
Damn Vulnerable Android App (DVAA) https://code.google.com/p/dvaa/
Damn Vulnerable FirefoxOS Application (DVFA) https://github.com/pwnetrationguru/dvfa/
NcN Wargame http://noconname.org/evento/wargame/
Hacme Bank Android http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx
InsecureBank http://www.paladion.net/downloadapp.html
Mobile forensic hardware shop http://shop.cellebrite.com/accessories.html


### Interesting Apps/Scripts/Programs
===========================================================
List of network sec apps – https://wiki.archlinux.org/index.php/List_of_applications#Network_security
Lynis app (Security auditing tool and assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening.)- https://cisofy.com/lynis/ or https://github.com/CISOfy/Lynis
iptraf-ng – ip traffic monitor – https://fedorahosted.org/iptraf-ng/
ngrep – network grep – http://ngrep.sourceforge.net/
Veil framework – https://www.veil-framework.com/
Check sums of downloaded files on different OSs – https://superuser.com/questions/699014/how-to-make-sure-a-downloaded-iso-matches-a-hash-value
AFICK (Another File Integrity ChecKer) – http://afick.sourceforge.net/
Hashcat – Worlds fastest password cracker – https://hashcat.net/oclhashcat/
Pantomjs – PhantomJS is a headless WebKit scriptable with a JavaScript API. It has fast and native support for various web standards: DOM handling, CSS selector, JSON, Canvas, and SVG.- http://phantomjs.org/
CUPP source – Common User Passwords Profiler – https://github.com/Mebus/cupp
Js kill switch (A solution to proventing website code thievery) – http://menacingcloud.com/?c=ajaxKillSwitch2
IDA (Interactive Disassembler & Debugger) – https://www.hex-rays.com/products/ida/


### Products/Appliances
===========================================================
pfsense – https://www.pfsense.org/
FireEye – https://www2.fireeye.com


### Host Forensics
===========================================================
DigitalCorpora http://digitalcorpora.org/
Digital Forensics Tool Testing Images http://dftt.sourceforge.net/
DFRWS 2014 Forensics Rodeo http://www.cs.uno.edu/~golden/dfrws-2014-rodeo.html
Linux LEO Supplemental Files http://linuxleo.com/
volatility memory samples https://code.google.com/p/volatility/wiki/FAQ
Volatility | Memory Forensics | Volatile Systems – https://www.volatilesystems.com/default/volatility
volatility – An advanced memory forensics framework – https://code.google.com/p/volatility/
ISFCE Sample Practical Exercise http://www.isfce.com/sample-pe.htm
ForGe Forensic test image generator https://github.com/hannuvisti/forge


### Network Forensics
===========================================================
Network Miner – http://www.netresec.com/?page=NetworkMiner
Wireshark Sample Captures http://wiki.wireshark.org/SampleCaptures
Wireshark Network Analysis Book Supplements http://www.wiresharkbook.com/studyguide.html
pcapr http://www.pcapr.net
PacketLife Capture Collection http://packetlife.net/captures/
DigitalCorpora Packet Dumps http://digitalcorpora.org/corpora/packet-dumps
Evil Fingers PCAP Challenges https://www.evilfingers.com/repository/pcaps_challenge.php
PCAPS Repository https://github.com/markofu/pcaps
Chris Sanders Packet Captures http://chrissanders.org/packet-captures/
Tcpreplay Sample Captures http://tcpreplay.appneta.com/wiki/captures.html
Enron Email Dataset http://www.cs.cmu.edu/~enron/
MAWI Working Group Traffic Archive http://mawi.wide.ad.jp/mawi/
LBNL-FTP-PKT http://ee.lbl.gov/anonymized-traces.html/


### Malware Analysis
===========================================================
Cuckoo sandbox – https://www.cuckoosandbox.org/
Open Malware / Offensive Computing http://openmalware.org/
Contagio http://contagiodump.blogspot.com/
VX Heaven http://vxheaven.org/
VirusShare.com / VXShare http://virusshare.com/
VXVault http://vxvault.siri-urz.net
MalShare http://malshare.com/
Virusign http://www.virusign.com/
theZoo / Malware DB http://ytisf.github.io/theZoo/
malc0de http://malc0de.com/database/
FakeAVs blog http://www.fakeavs.com/
malware_traffic http://malware-traffic-analysis.net/
Georgia Tech malrec page http://panda.gtisc.gatech.edu/malrec/
Kernelmode Forum http://www.kernelmode.info
Malware Hub Forum http://malwaretips.com/categories/malware-hub.103/
MalwareBlacklist.com http://www.malwareblacklist.com
Joxean Koret’s List http://malwareurls.joxeankoret.com
Sucuri Research Labs http://labs.sucuri.net/?malware
CLEAN MX realtime database http://support.clean-mx.de/clean-mx/viruses.php
Contagio Mobile Malware http://contagiominidump.blogspot.com/
Android Sandbox http://androidsandbox.net/samples/
maltrieve http://maltrieve.org/
HoneyDrive http://bruteforce.gr/honeydrive
http://www.woodmann.com/TiGa/idaseries.html
http://www.binary-auditing.com/
http://visi.kenshoto.com/
http://www.radare.org/y/
http://www.offensivecomputing.net/


### Forensics Online and CTFs
==========================================================
Honeynet Challenges https://www.honeynet.org/challenges
http://old.honeynet.org/scans/index.html
I Smell Packets http://ismellpackets.com/
Network Forensics Puzzle contest http://forensicscontest.com/puzzles
DEF CON CTF Archive https://www.defcon.org/html/links/dc-ctf.html
DFRWS http://www.dfrws.org/2013/challenge/index.shtml
http://www.dfrws.org/2010/challenge/
http://www.dfrws.org/2011/challenge/index.shtml
http://www.dfrws.org/2007/challenge/index.shtml
http://www.dfrws.org/2006/challenge/
http://www.dfrws.org/2005/challenge/
ForensicKB Practicals http://www.forensickb.com/2008/01/forensic-practical.html
http://www.forensickb.com/2008/01/forensic-practical-2.html
http://www.forensickb.com/2010/01/forensic-practical-exercise-3.html
http://www.forensickb.com/2010/06/forensic-practical-exercise-4.html
http://www.forensickb.com/2011/01/simple-forensic-puzzle-1.html
http://www.forensickb.com/2011/02/forensic-puzzle-6.html
HackEire CTF https://github.com/markofu/hackeire
UMass Trace Repository http://traces.cs.umass.edu/


### List of links for (specifically) different VMs/OSs: (for all you lab makers out there!)
===========================================================
Windows VMS https://dev.windows.com/en-us/microsoft-edge/tools/vms/windows/
BackBox Linux http://www.backbox.org
Matriux http://www.matriux.com
VAST http://vipervast.sourceforge.net/
Samurai http://sourceforge.net/projects/samurai/
OSWA-Assistant http://securitystartshere.org/page-training-oswa-assistant-tools.htm
OpenPCD2 http://www.openpcd.org/OpenPCD_2_RFID_Reader_for_13.56MHz
Kali Linux http://www.kali.org/
MobiSec http://sourceforge.net/projects/mobisec/
Santoku Linux https://santoku-linux.com/
Ophcrack http://ophcrack.sourceforge.net/
REMnux http://zeltser.com/remnux/
ARE https://redmine.honeynet.org/projects/are
HoneyDrive http://bruteforce.gr/honeydrive
Vyatta CORE http://www.vyatta.org/downloads
NST http://sourceforge.net/projects/nst/
SIFT http://computer-forensics.sans.org/community/downloads
Orion http://orionlivecd.sourceforge.net/
DEFT Linux http://www.deftlinux.net/
CAINE http://www.caine-live.net/
Security Onion http://securityonion.blogspot.co.uk/
Shadow http://handlers.dshield.org/gbruneau/shadow.htm
Ultimate Boot CD http://www.ultimatebootcd.com/
Hiren’s BootCD http://www.hiren.info/pages/bootcd
Fedora http://fedoraproject.org/
OpenSUSE http://www.opensuse.org
Ubuntu http://www.ubuntu.com
Openindiana http://openindiana.org/
Haiku http://haiku-os.org/
Turnkey Linux http://www.turnkeylinux.org/
Bitnami https://bitnami.com/stacks
Elastic Server http://elasticserver.com
Parrot Security OS – https://www.parrotsec.org/download
Tails OS – https://tails.boum.org/
Blackarch OS – http://blackarch.org/
Network Security Toolkit OS – http://www.networksecuritytoolkit.org/nst/index.html
Qubes OS https://www.qubes-os.org/
Whonix OS https://www.whonix.org/
liberte OS http://dee.su/liberte


### Software/App Development
===========================================================
XDA (android development) – http://www.xda-developers.com/
Custom OS development http://wiki.osdev.org/
and get started video https://www.youtube.com/watch?v=YvZhgRO7hL4
Linux from scratch http://www.linuxfromscratch.org/lfs/
and get started video https://www.youtube.com/watch?v=VSBkJ3rj-X4
Fiddler (The free web debugging proxy for any browser, system or platform) –http://www.telerik.com/fiddler
Arachni framework http://www.arachni-scanner.com/


### Cryptography Resources
===========================================================
Dcode – https:///en/
Advanced Encryption Package (AEP) – http://www.aeppro.com/products/aep.shtml
CrypTool – https://www.cryptool.org/en/
HashCalc – http://hashcalc.software.informer.com/download/


### Router Firmware Options
===========================================================
ASUS Merlin – http://asuswrt.lostrealm.ca/
DD-WRT – http://www.dd-wrt.com/site/index
Tomato – http://www.polarcloud.com/tomato
Open WRT – http://www.openwrt.org/
Free WRT – http://freewrt.org/trac/
Chillfire – http://www.chillifire.net/
Gargoyle – http://www.gargoyle-router.com/


### Miscellaneous
===========================================================
How To Geek – http://www.howtogeek.com/
VulnVPN – http://www.rebootuser.com/?page_id=1041
VulnVoIP – http://www.rebootuser.com/?page_id=1041
NETinVM – http://informatica.uv.es/~carlos/docencia/netinvm/
GNS3 – http://sourceforge.net/projects/gns-3/
XAMPP – https://www.apachefriends.org/index.html
Riseup – https://help.riseup.net/
Security in-a-box – https://securityinabox.org/en
KeePassX – https://www.keepassx.org/
GNUnet framework – https://gnunet.org/
Pentest with Hak5 – http://pentestwithhak5.com/
Cryptostorm – https://cryptostorm.is/
Quemu open source machine emulator and virtualizer – http://wiki.qemu.org/
Raspberry Pi emulation for Windows – https://sourceforge.net/projects/rpiqemuwindows/
Online javascript obfuscator – http://www.danstools.com/javascript-obfuscate/
Iceweasel browser – https://wiki.debian.org/Iceweasel
http://www.crows.org/ – The Association of Old Crows is an organization for individuals who have common interests in Electronic Warfare (EW), Electromagnetic Spectrum Management Operations, Cyber Electromagnetic Activities (CEMA), Information Operations (IO), and other information related capabilities.
Quantum Computing Playground – http://www.quantumplayground.net
Coreboot – http://www.coreboot.org/Welcome_to_coreboot
HardenedBSD – https://hardenedbsd.org/
Android ROM flashing – http://forum.xda-developers.com/wiki/Flashing_Guide_-_Android
and get started video – https://www.youtube.com/watch?v=RIi4KXgZYsI
Grsecurity – https://grsecurity.net/
InSSIDer – http://www.inssider.com/downloads/
Main – browsersec – Browser Security Handbook landing page –
Project Hosting on Google Code – http://code.google.com/p/browsersec/wiki/Main
Inject your code to a Portable Executable file – Programmer’s Heaven – http://www.programmersheaven.com/2/Inject-code-to-Portable-Executable-file
XSS (Cross Site Scripting) Cheat Sheet – http://ha.ckers.org/xss.html
ilektrojohn/creepy @ GitHub – http://ilektrojohn.github.com/creepy/
Malcode Analysis Software Tools // iDefense Labs – http://labs.idefense.com/software/malcode.php
RMS’s gdb Tutorial – http://www.unknownroad.com/rtfm/gdbtut/gdbtoc.html
Peter’s gdb Tutorial: Table Of Contents – http://dirac.org/linux/gdb/
Reverse Engineering Team – http://www.reteam.org/
Adventures with Radare2 #1: A Simple Shellcode Analysis | Can’t Hack, Won’t Hack – http://canthack.org/2011/07/adventures-with-radare-1-a-simple-shellcode-analysis/
OpenRCE – http://www.openrce.org/articles/
c0ffee.com/virus/cih.txt – http://c0ffee.com/virus/cih.txt
PDFTricks – corkami – a summary of PDF tricks –http://code.google.com/p/corkami/wiki/PDFTricks
Hacking Network Printers (Mostly HP JetDirects?, but a little info on the Ricoh Savins) –http://www.irongeek.com/i.php?page=security/networkprinterhacking
mapping MAC addresses – samy kamkar – http://samy.pl/androidmap/
Windows Incident Response: Using RegRipper?:http://windowsir.blogspot.com/2011/03/using-regripper.html
poorcase – A perl script to virtually reconstruct a split forensic disk image – Google Project Hosting – http://code.google.com/p/poorcase/
Cryptology ePrint Archive – http://eprint.iacr.org/
Improved Persistent Login Cookie Best Practice | Barry Jaspan – http://jaspan.com/improved_persistent_login_cookie_best_practice
Designing an Authentication System: a Dialogue in Four Scenes – http://web.mit.edu/kerberos/www/dialogue.html
Understanding Hash Functions and Keeping Passwords Safe | Nettuts+ – http://net.tutsplus.com/tutorials/php/understanding-hash-functions-and-keeping-passwords-safe/
MAEC – Malware Attribute Enumeration and Characterization – https://maec.mitre.org/index.html
Forensics Wiki – http://www.forensicswiki.org/wiki
Spare Clock Cycles – http://spareclockcycles.org/
grand stream dreams: Malware Analysis Resources – http://grandstreamdreams.blogspot.co.uk/2012/04/malware-analysis-resources.html
SANS: Information Security Reading Room – Computer Security White Papers – http://www.sans.org/reading_room/
Vulnerable VM List : securityCTF – https://www.reddit.com/r/securityCTF/comments/t53cr/vulnerable_vm_list/
nullsecurity team – http://www.nullsecurity.net/index.html
IAmA a malware coder and botnet operator, AMA : IAmA – http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_operator_ama/#
Undetectable – Portal – http://www.indetectables.net/
OpenSC – Security Research Forum – The Front Page – http://www.opensc.ws/
Penetration Testing and Vulnerability Analysis – Home:http://pentest.cryptocity.net/
Metasploit Minute – http://www.metasploitminute.com/
Memory Dump, Software Trace, Debugging, Malware and Intelligence Analysis Portal | Patterns for Software Diagnostics – http://www.dumpanalysis.org/
oclHashcat-plus – advanced password recovery – https://hashcat.net/oclhashcat-plus/
Netcraft Anti-Phishing Toolbar – http://toolbar.netcraft.com/
pescrambler – Scrambler and Obfuscator for PE formatted Win32 binaries –http://code.google.com/p/pescrambler/
Searching With VirusTotal? « Didier Stevens – http://blog.didierstevens.com/2012/05/21/searching-with-virustotal/
Metasploit Unleashed – https://www.offensive-security.com/metasploit-unleashed/Main_Page
VoIP Hopper – Jumping from one VLAN to the next! – http://voiphopper.sourceforge.net/
DE(E)SU – Cables Communication: http://dee.su/cables
GMER – Rootkit Detector and Remover – http://www.gmer.net/
Luigi Auriemma – http://aluigi.org/adv.htm
NIST Special Publications – http://csrc.nist.gov/publications/PubsSPs.html


### Threat Intel Links:
===========================================================
AlienVault – https://otx.alienvault.com
Palo Alto Networks AutoFocus – https://paloaltonetworks.com/products/platforms/subscriptions/autofocus.html
Crowd Strike IE – http://www.crowdstrike.com/intelligence-exchange/
SolarWinds LEMs (Log and Event Manager (SIEM))(Now with Threat Intl feeds): http://www.solarwinds.com/log-event-manager/whatsnew.aspx
https://lgscout.com/about-us/
http://www.crowdstrike.com/community-tools/
http://www.deepimpact.io/blog/splunkandfreeopen-sourcethreatintelligencefeeds


### Anonymity/Privacy Links
===========================================================
DD WRT – https://www.dd-wrt.com/site/
Tor browser – https://www.torproject.org/projects/torbrowser.html.en and https://gitweb.torproject.org/tor.git?a=tree;hb=HEAD
ShieldsUP web scaner – https://www.grc.com/x/ne.dll?bh0bkyd2
Cypherspace http://www.cypherspace.org/adam/
Private search https://search.disconnect.me/
Data wiping software dban.org
Metadata Anonymisation Toolkit https://mat.boum.org/
Veracrypt https://veracrypt.codeplex.com/
Surveillance Self-Defense from eff https://ssd.eff.org/


### Information Gathering/Footprinting/Intel Links
===========================================================

Infrastructure:
http://uptime.netcraft.com/
http://www.serversniff.net/
http://www.domaintools.com/
http://centralops.net/co/
http://hackerfantastic.com/
http://whois.webhosting.info/
https://www.ssllabs.com/ssldb/analyze.html
http://www.clez.net/
http://www.my-ip-neighbors.com/
http://www.exploit-db.com/google-dorks/
http://www.hackersforcharity.org/ghdb/
Shodan – https://www.shodan.io/
ICANN Whois – https://whois.icann.org/
Whois Tools – http://whois.domaintools.com/
More Whois Tools – https://who.is/
DNS Tools – http://www.dnsstuff.com/
MX Toolbox – http://mxtoolbox.com/
ARIN (American Registry for Internet Numbers) – https://www.arin.net/
The Way Back Machine – https://archive.org/web/
Reverse Image Search – https://www.tineye.com/
Scrapy – http://scrapy.org/
Passive splice network tap – http://janitha.com/articles/passive-splice-network-tap/
Hardware network taps – http://datacomsystems.com/products/network-taps
DMitry Host Info Gathering(Deepmagic Information Gathering Tool) http://mor-pah.net/software/dmitry-deepmagic-information-gathering-tool/
Built With (Find out what websites are Built With) – https://builtwith.com/
Sqrrl (security analytics) – http://sqrrl.com/


OSINT (Open Source Intelligence):
http://onstrat.com/osint/
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
Tactical Information Gathering – http://www.slideshare.net/Laramies/tactical-information-gathering
http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974
http://infond.blogspot.com/2010/05/toturial-footprinting.html


### People Searching
===========================================================
National Center for State Courts – http://www.ncsc.org/topics/access-and-fairness/privacy-public-access-to-court-records/state-links.aspx?cat=Public%20Access%20Web%20Sites
Echosec (Location-based Searching) – https://www.echosec.net/
TrackSomebody – http://www.tracksomebody.com
LexisNexis – http://www.lexisnexis.com/en-us/gateway.page
Intelius – http://www.intelius.com/
Zaba Search – http://www.zabasearch.com/
http://www.spokeo.com/
http://www.xing.com/
http://pipl.com/
http://www.zabasearch.com/
http://www.searchbug.com/default.aspx
http://theultimates.com/
http://skipease.com/
http://addictomatic.com/
http://socialmention.com/
http://entitycube.research.microsoft.com/
http://www.yasni.com/
http://tweepz.com/
http://tweepsearch.com/
http://www.glassdoor.com/index.htm
http://www.jigsaw.com/
http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
http://www.tineye.com/
http://www.peekyou.com/


### Splunk Threat Intel Feeds:
===========================================================
http://www.splunk.com/en_us/products/premium-solutions/it-service-intelligence.html
https://www.infosecindustry.com/
https://github.com/rshipp/awesome-malware-analysis/blob/master/README.md


### Bounty Hunter Programs
===========================================================
General bounty programs and rewards:
https://hackerone.com/
https://bugcrowd.com/list-of-bug-bounty-programs
https://firebounty.com/
Mozilla:
https://www.mozilla.org/en-US/security/bug-bounty/
https://www.mozilla.org/en-US/security/client-bug-bounty/
https://www.mozilla.org/en-US/security/web-bug-bounty/
Google and related products:
https://www.google.com/about/appsecurity/reward-program/
https://bughunter.withgoogle.com
GitHub:
https://bounty.github.com/
Microsoft:
https://technet.microsoft.com/en-us/security/dn800983
https://technet.microsoft.com/en-US/security/dn425036
PayPal:
https://www.paypal.com/us/webapps/mpp/security-tools/reporting-security-issues
Facebook and related products:
http://www.facebook.com/whitehat/bounty/
AT&T:
https://bugbounty.att.com/rewards.php
Samsung:
https://samsungtvbounty.com/


### Add-ons for Chrome/Firefox: (you can search for these in your browser’s plugin store)
===========================================================
BetterPrivacy – https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
Tampermonkey – https://chrome.google.com/webstore/detail/tampermonkey/dhdgffkkebhmkfjojejmpbldmpobfkfo?hl=en
Referrer Control – https://chrome.google.com/webstore/detail/referer-control/hnkcfpcejkafcihlgbojoidoihckciin?hl=en
Modify Response Headers – https://addons.mozilla.org/en-US/firefox/addon/modify-response-headers/
User-Agent Switcher – https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg?hl=en-US
NoScript – https://addons.mozilla.org/en-US/firefox/addon/noscript/
HTTPS Everywhere – https://www.eff.org/https-everywhere%20
UltraSurf – https://chrome.google.com/webstore/detail/ultrasurf-security-privac/mjnbclmflcpookeapghfhapeffmpodij?hl=en-US
Privacy Badger – https://www.eff.org/privacybadger
Tamper Data – https://addons.mozilla.org/en-US/firefox/addon/tamper-data/


### Deep Web/Dark Net Information ( and needs improvement)
===========================================================
https://n0where.net/best-onion-links-deep-web/
https://www.torproject.org/


### Books, Music, Audio, Software, Games, Films, TV, etc…
===========================================================
Books:
Large Github contribution of free books – https://github.com/vhf/free-programming-books/blob/master/free-programming-books.md
Information warfare books ($) – http://www.artechhouse.com/Main/InformationWarfare.aspx
Electronic warfare books ($) – http://www.artechhouse.com/Main/ElectronicWarfare.aspx
x86 Assembly Wiki Books https://en.wikibooks.org/wiki/X86_Assembly

Software Archives:
Free Software Collection: https://archive.org/details/software
Arcade Games: https://archive.org/details/internetarcade
Console Games: https://archive.org/details/consolelivingroom
The Commodore 64k: https://archive.org/details/CC517_commodore_64
Old Apple Computer Info: https://archive.org/details/softwarelibrary_apple?and=apple%20%20II
The Malware Museum: http://venturebeat.com/2016/02/05/the-malware-museum-an-online-archive-of-computer-viruses-of-yore/

Magazines:
http://www.net-security.org/insecuremag.php
http://hakin9.org/
http://www.raspberry-pi-geek.com/
https://www.raspberrypi.org/magpi/
https://www.bing.com/search?q=Free+Linux+Magazines&FORM=R5FD5
http://www.linuxidentity.com/us/
https://linuxformat.com/archives
https://www.linuxvoice.com/creative-commons-issues/
https://linuxformat.com/archives
x86 Assembly Wiki Books https://en.wikibooks.org/wiki/X86_Assembly


### Cyber Security Policy
===========================================================
http://www.cyber.nj.gov
http://cybersecurity.alabama.gov/
http://www.securityindustry.org/Pages/Cybersecurity-@-SIA.aspx


### Cyber Kill Chain (Near and Dear to Incident Response Professionals)
===========================================================
Great Resource for those in Incident Response – http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf


### Puzzles and Games
===========================================================
NSA Crypto Challenge – https://www.guardsupport.com/crypto/index.asp
GCHQ’s Kristmas Krypto Kwizzes 2006 – https://theintercept.com/2015/12/25/gchq-play-a-british-spy-game/
GCHQ’s 2015 Director’s Christmas Puzzle – http://www.gchq.gov.uk/press_and_media/news_and_features/pages/directors-christmas-puzzle-2015.aspx


### Automation build
===========================================================
https://ant.apache.org/ – Automation build tool, similar to make, written in Java.
http://maven.apache.org/ – Build automation tool mainly for Java.
http://bazel.io/ – Google’s build system.
http://www.gnu.org/software/make/ – The most popular automation build tool for many purposes.
http://gradle.org/ – Another build automation system.

### Backup software
===========================================================
http://www.amanda.org/ – Client-server model backup tool.
https://attic-backup.org/ – A deduplicating backup program written in Python.
http://www.bareos.org/ – A fork of Bacula backup tool.
https://labs.riseup.net/code/projects/backupninja – Lightweight, extensible meta-backup system.
http://brebisproject.org/ – A fully automated backup checker
http://burp.grke.org/ – Network backup and restore program.
http://duplicity.nongnu.org/ – Encrypted bandwidth-efficient backup using the rsync algorithm.
https://github.com/elkarbackup/elkarbackup – Backup solution based on RSnapshot with a simple web interface
https://github.com/axkibe/lsyncd – File Monitor which spawns a process to synchronize the changes (rsync by default).
http://obnam.org/ – An easy, secure, snapshots-based backup program with data de-duplication.
http://www.nongnu.org/rdiff-backup/ – An easy A remote incremental backup of all your files.
http://www.rsnapshot.org/ – Filesystem Snapshotting Utility.
http://www.snebu.com/ – Snapshot backup with global multi-client deduplication and transparent compression.
http://www.urbackup.org/ – Another client-server backup system.
https://github.com/dojo4/drebs – AWS EBS backup script that supports strategies.
http://zbackup.org/ – A versatile deduplicating backup tool.

### Build and software organization tools
===========================================================
https://easybuild.readthedocs.org/en/latest/ – EasyBuild builds software and modulefiles for High Performance Computing (HPC) systems in an efficient way.
https://www.tacc.utexas.edu/research-development/tacc-projects/lmod – Lmod is a Lua based module system that easily handles the MODULEPATH Hierarchical problem.
https://github.com/n1trux/awesome-sysadmin/blob/master/hpcbios.readthedocs.org/en/latest – HPCBIOS is an effort to setup a common, well-documented and reproducible, environment spanning across multiple HPC systems & sites, inclusive of documentation.


### Conversation-driven development and management. See http://www.reddit.com/r/chatops for more information
===========================================================
https://github.com/CloudBotIRC/CloudBot – The simple, fast, expandable Python IRC bot.
http://www.eggheads.org/ – the world’s most popular IRC bot, designed for flexibility and ease of use, and is freely distributable under the GNU GPL.
http://errbot.net/ – a plugin based chatbot designed to be easily deployable, extensible and maintainable.
https://hubot.github.com/ – A customizable, life embetterment robot.
https://github.com/djosephsen/lazlo – A chatops automation framework in Go.
https://www.lita.io/ – A robot companion for your company’s chat room.

### Managing software on desktop computers
===========================================================
http://www.ocsinventory-ng.org/en/ – Inventory, deployment and network scan.
http://www.opsi.org/en (open PC server integration) – Client Management for Windows based on Debian.
http://dev.tranquil.it/wiki/WAPT_-_apt-get_pour_Windows/en – Network-wide (un)installation, configuration and upgrades of Windows based software.
http://wpkg.org/ – Software deployment, upgrade and removal program for Windows.


### Cloning software
===========================================================
http://clonezilla.org/ – Partition and disk imaging/cloning program.
http://www.fogproject.org/ – Another computer cloning solution.


### Cloud Computing
===========================================================
http://github.com/AppScale/appscale – Cloud software with Google App Engine compatibility.
http://archipelproject.org/ – Manage and supervise virtual machines using Libvirt.
http://cloudstack.apache.org/ – Cloud computing software for creating, managing, and deploying infrastructure cloud services.
http://www.cobblerd.org/ – Cobbler is a Linux installation server that allows for rapid setup of network installation environments.
http://cc1.ifj.edu.pl/ – The CC1 system provides a complete solution for Private Cloud Computing.
https://www.eucalyptus.com/ – Private cloud software with AWS compatibility.
https://flynn.io/ – PaaS
http://mesos.apache.org/ – Develop and run resource-efficient distributed systems.
http://opennebula.org/ – User-driven cloud management platform for sysadmins and devops.
http://www.openshift.org/ – PaaS product from Red Hat.
https://www.openstack.org/ – Build private and public clouds.
http://theforeman.org/ – Complete lifecycle management tool for physical and virtual servers. FOSS.
https://tsuru.io/ – Tsuru is an extensible Platform as a Service software.


### Cloud Orchestration
===========================================================
http://docs.cloudfoundry.org/bosh/ – IaaS orchestration platform originally written for deploying and managing Cloud Foundry PaaS, but also useful for general purpose distributed systems.
http://www.getcloudify.org/ – TOSCA-based cloud orchestration software platform written in Python and YAML.
http://www.cloudslang.io/ – Flow-based orchestration tool for managing deployed applications, with Docker capabilities.
https://juju.ubuntu.com/ – Cloud orchestration tool which manages services as charms, YAML configuration and deployment script bundles.
http://puppetlabs.com/mcollective – Ruby framework to manage server orchestration, developed by Puppet labs.
http://andrewchilds.github.io/overcast/ – Deploy VMs across different cloud providers, and run commands and scripts across any or all of them in parallel via SSH.
http://rundeck.org/ – Simple orchestration tool.
http://www.saltstack.com/ – Fast, scalable and flexible systems management software written in Python/ZeroMQ.
http://stackstorm.com/ – Event Driven Operations and ChatOps platform for infrastructure management. Written in Python


### Cloud Storage
===========================================================
http://git-annex.branchable.com/assistant/ – A synchronised folder on each of your OSX and Linux computers, Android devices, removable drives, NAS appliances, and cloud services.
https://owncloud.org/ – Provides universal access to your files via the web, your computer or your mobile devices.
https://pyd.io/ – Pydio (formerly AjaXplorer) is a mature solution for file sharing and synchronization.
http://seafile.com/ – Another Cloud Storage solution.
http://sparkleshare.org/ – Provides cloud storage and file synchronization services. By default, it uses Git as a storage backend.
http://docs.openstack.org/developer/swift/ – A highly available, distributed, eventually consistent object/blob store.
http://syncthing.net/ – System for private, encrypted and authenticated distribution of data.


### Web Based collaborative code review system
===========================================================
https://code.google.com/p/gerrit/ – Based on the Git version control, it facilitates software developers to review modifications to the source code and approve or reject those changes.
http://phabricator.org/ – Code review tool build by facebook and used by WikiMedia, FB, dropbox etc. Comes with an integrated wiki, bug tracker, VC integration and a CLI tool called arcanist.
https://www.reviewboard.org/ – Available as free software under the MIT License.


### Collaborative software or groupware suites
===========================================================
http://www.citadel.org/ – Collaboration suite (messaging and groupware) that is descended from the Citadel family of programs.
http://www.egroupware.org/ – Groupware software written in PHP.
http://www.horde.org/apps/groupware – PHP based collaborative software suite that includes email, calendars, wikis, time tracking and file management.
https://www.kolab.org/ – Another groupware suite.
https://www.sogo.nu/ – Collaborative software server with a focus on simplicity and scalability.
https://www.zimbra.com/community/ – Collaborative software suite, that includes an email server and web client.


### Configuration management database (CMDB) software
===========================================================
http://www.i-doit.org/ – IT Documentation and CMDB.
http://www.combodo.com/-Overview-.html – Complete ITIL web based service management tool.
https://github.com/allegro/ralph – Asset management, DCIM and CMDB system for large Data Centers as well as smaller LAN networks.
https://github.com/clusto/clusto – Helps you keep track of your inventory, where it is, how it’s connected, and provides an abstracted interface for interacting with the elements of the infrastructure.
http://tumblr.github.io/collins – At Tumblr, it’s the infrastructure source of truth and knowledge.

### Configuration management tools
===========================================================
http://www.ansibleworks.com/ – It’s written in Python and manages the nodes over SSH.
http://cfengine.com/ – Lightweight agent system. Configuration state is specified via a declarative language.
http://www.opscode.com/chef/ – It’s written in Ruby and Erlang and uses a pure-Ruby DSL.
http://palletops.com/ – Infrastructure definition, configuration and management via a Clojure DSL.
http://puppetlabs.com/ – It’s written in Ruby and uses Puppet’s declarative language or a Ruby DSL.
http://www.saltstack.com/ – It’s written in Python.
http://steve.org.uk/Software/slaughter/ – It’s written in Perl.


### Continuous integration/deployment software
==========================================================
http://buildbot.net/ – Python-based toolkit for continuous integration.
https://github.com/drone/drone – Continuous integration server built on Docker and configured using YAML files.
https://www.gitlab.com/gitlab-ci/ – Based off of ruby. They also provide GitLab, which manages git repositories.
http://www.go.cd/ – Continuous delivery server.
http://jenkins-ci.org/ – An extendable continuous integration server.


### Web hosting and server or service control panels
===========================================================
Web hosting
http://www.froxlor.org/ – Easy to use panel for Linux with Nginx and PHP-FPM support.
http://www.ispconfig.org/ – Hosting control panel for Linux.
http://sentora.org/ – Control panel for Linux, BSD, and Windows based on ZPanel.
http://www.vestacp.com/ – Hosting panel for Linux but with Nginx.
DNS
http://atomiadns.com/ – DNS management system.
https://github.com/odoucet/pdns-gui – WebGUI which aids in administering domains and records for PowerDNS with MySQL.
http://www.poweradmin.org/ – Friendly web-based DNS administration tool for PowerDNS server.
Revision Control
http://svnadmin.insanefactory.com/ – WebGUI to manage Subversion repositories and User/Group permissions.
https://www.scm-manager.org/ – The easiest way to share and manage your Git, Mercurial and Subversion repositories.
http://www.websvn.info/ – Opensource web subversion repository browser.
Virtualization
http://feathur.com/ – VPS Provisioning and Management Software.
http://panamax.io/ – Project that makes deploying complex containerized apps as easy as Drag-and-Drop.
http://owp.softunity.com.ru/ – Web panel to control your OpenVZ servers.
https://www.virtkick.com/ – A simple orchestrator. Manage virtual machines or Docker containers easily.
https://retspen.github.io/ – libvirt-based Web interface for managing virtual machines.
Server
http://ajenti.org/ – Control panel for Linux and BSD.
http://cockpit-project.org/ – New multi-server web interface for Linux servers written in C.
http://www.virtualmin.com/ – Control panel for Linux based on webmin.
http://www.webmin.com/ – Linux server control panel.


### Tools and scripts to support deployments to your servers
==========================================================
http://www.capistranorb.com/ – Deploy your application to any number of machines simultaneously, in sequence or as a rolling set via SSH (rake based).
http://www.fabfile.org/ – Python library and cli tool for streamlining the use of SSH for application deployment or systems administration tasks.
http://nadarei.co/mina/ – Really fast deployer and server automation tool (rake based).
http://rocketeer.autopergamene.eu/ – PHP task runner and deployment tool.
http://rubyhitsquad.com/Vlad_the_Deployer.html – Deployment automation (rake based).


### Network distributed filesystems
===========================================================
http://ceph.com/ – Distributed object store and file system.
http://www.drbd.org/ – Distributed Replicated Block Device.
http://leo-project.net/ – Unstructured object/data storage and a highly available, distributed, eventually consistent storage system.
http://www.gluster.org/ – Scale-out network-attached storage file system.
http://hadoop.apache.org/ – Distributed, scalable, and portable file-system written in Java for the Hadoop framework.
http://lustre.opensfs.org/ – Parallel distributed file system, generally used for large-scale cluster computing.
http://www.moosefs.org/ – Fault tolerant, network distributed file system.
http://mogilefs.org/ – Application level, network distributed file system.
http://www.openafs.org/ – Distributed network file system with read-only replicas and multi-OS support.
https://tahoe-lafs.org/trac/tahoe-lafs – secure, decentralized, fault-tolerant, peer-to-peer distributed data store and distributed file system.
http://www.xtreemfs.org/ – XtreemFS is a fault-tolerant distributed file system for all storage needs.


### DNS servers
===========================================================
https://www.isc.org/downloads/bind/ – The most widely used name server software.
http://cr.yp.to/djbdns.html – A collection of DNS applications, including tinydns.
https://wiki.openstack.org/wiki/Designate – DNS REST API that support several DNS servers as its backend.
http://www.thekelleys.org.uk/dnsmasq/doc.html – A lightweight service providing DNS, DHCP and TFTP services to small-scale networks.
https://www.knot-dns.cz/ – High performance authoritative-only DNS server.
http://www.nlnetlabs.nl/projects/nsd/ – Authoritative only, high performance, simple name server.
https://www.powerdns.com/ – DNS server with a variety of data storage back-ends and load balancing features.
http://unbound.net/ – Validating, recursive, and caching DNS resolver.
http://yadifa.eu/ – Lightweight authoritative Name Server with DNSSEC capabilities powering the .eu top-level domain.


### Open source code editors
===========================================================
https://atom.io/ – A hackable text editor from Github.
http://brackets.io/ – Code editor for web designers and front-end developers.
http://eclipse.org/ – IDE written in Java with an extensible plug-in system.
http://www.geany.org/ – GTK2 text editor.
http://www.gnu.org/software/emacs/ – An extensible, customizable text editor-and more.
http://pad.haroopress.com/ – Markdown editor with live preview.
http://icecoder.net/ – Code editor awesomeness, built with common web languages.
https://github.com/jdleesmiller/jotgit – Git-backed real-time collaborative code editing.
https://www.kdevelop.org/ – IDE by the people behind KDE.
http://www.lighttable.com/ – The next generation code editor.
http://limetext.org/ – Aims to provide an open source solution to Sublime Text
https://github.com/textmate/textmate/ – A graphical text editor for OS X.
http://www.vim.org/ – A highly configurable text editor built to enable efficient editing.


### LDAP
===========================================================
http://port389.org/ – Developed by Red Hat.
http://directory.apache.org/ – Apache Software Foundation project written in Java.
http://opendj.forgerock.org/ – Fork of OpenDS.
https://opends.java.net/ – Another directory server written in Java.
http://openldap.org/ – Developed by the OpenLDAP Project.


### Tools and web interfaces
===========================================================
http://www.fusiondirectory.org/ – Improve the Management of the services and the company directory based on OpenLDAP.
http://www.freeipa.org/ – Security management solution, can manage LDAP, KRB, DNS, sudo, and more
https://www.ldap-account-manager.org/lamcms/ – Web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory.
https://www.samba.org/ – Active Directory and CIFS protocol implementation.


### IT Assets Management software
===========================================================
http://www.glpi-project.org/spip.php?lang=en – Information Resource-Manager with an additional Administration Interface.
http://www.ocsinventory-ng.org/en/ – Enables users to inventory their IT assets.
http://racktables.org/ – Datacenter and server room asset management like document hardware assets, network addresses, space in racks, networks configuration.
https://github.com/allegro/ralph – Asset management, DCIM and CMDB system for large Data Centers as well as smaller LAN networks.
http://snipeitapp.com/ – Asset & license management software.


### Log management tools: collect, parse, visualize …
===========================================================
http://www.elasticsearch.org/ – A Lucene Based Document store mainly used for log indexing, storage and analysis.
http://www.fluentd.org/ – Log Collector and Shipper.
https://flume.apache.org/ – Distributed log collection and aggregation system.
http://graylog2.org/ – Pluggable Log and Event Analysis Server with Alerting options.
http://hekad.readthedocs.org/en/latest/ – Stream processing system which may be used for log aggregation.
http://www.elasticsearch.org/overview/kibana/ – Visualize logs and time-stamped data.
http://logstash.net/ – Tool for managing events and logs.
http://www.octopussy.pm/ – Log Management Solution (Visualize / Alert / Report).


### Mail Clients
===========================================================
http://www.claws-mail.org/ – Old school email client (and news reader), based on GTK+.
http://www.mutt.org/ – Small but very powerful text-based mail client.
https://www.mozilla.org/de/thunderbird/ – Free email application that’s easy to set up and customize.


### Webmail applications
===========================================================
http://roundcube.net/ – Browser-based IMAP client with an application-like user interface.
http://squirrelmail.org/ – Another browser-based IMAP client.
http://www.horde.org/ – Webmail and groupware client
http://www.rainloop.net/ – Very nice webmail with IMAP/SMTP Support and multi accounting


### Mail Delivery Agents (IMAP/POP3 software)
===========================================================
http://www.courier-mta.org/imap/ – Fast, scalable, enterprise IMAP and POP3 server.
http://cyrusimap.org/ – Intended to be run on sealed servers, where normal users are not permitted to log in.
http://www.dovecot.org/ – IMAP and POP3 server written primarily with security in mind.


### Mail Transfer Agents (SMTP servers)
===========================================================
http://www.exim.org/ – Message transfer agent (MTA) developed at the University of Cambridge.
http://haraka.github.io/ – A high-performance, pluginable SMTP server written in JavaScript.
http://mailcatcher.me/ – Ruby gem that deploys a simply SMTP MTA gateway that accepts all mail and displays in web interface. Useful for debugging or development.
https://github.com/m242/maildrop – Disposable email SMTP server, also useful for development.
https://opensmtpd.org/ – Secure SMTP server implementation from the OpenBSD project.
http://www.postfix.org/ – Fast, easy to administer, and secure Sendmail replacement.
http://cr.yp.to/qmail.html – Secure Sendmail replacement.
http://www.sendmail.com/sm/open_source/ – Message transfer agent (MTA).


### Software for simple deployment of a mail server, e.g. for inexperienced or impatient admins
===========================================================
https://www.hmailserver.com/ – Open source e-mail server for Microsoft Windows
https://mailinabox.email/ – Take back control of your email with this easy-to-deploy mail server in a box.
http://www.iredmail.org/ – Full-featured mail server solution based on Postfix and Dovecot.
http://www.citadel.org/ – Feature packed, easy, versatile, and powerful mail server, thanks to exclusive “rooms” based architecture.
http://modoboa.org/en/ – Modoboa is a mail hosting and management platform including a modern and simplified Web User Interface.
https://www.debinux.de/fufix/ – Fufix is a mailserver installer based on Dovecot, Postfix, Postfixadmin, Nginx, PHP, MySQL and Fail2ban.


### Monitoring software
===========================================================
https://github.com/guardian/alerta – Distributed, scaleable and flexible monitoring system.
http://www.cacti.net/ – Web-based network monitoring and graphing tool.
http://cabotapp.com/ – Monitoring and alerts, similar to PagerDuty.
http://mathias-kettner.com/check_mk.html – Collection of extensions for Nagios.
https://github.com/afaqurk/linux-dash – A low-overhead monitoring web dashboard for a GNU/Linux machine.
http://flapjack.io/ – Monitoring notification routing & event processing system.
https://www.icinga.org/ – Fork of Nagios.
http://www.librenms.org/ – Fully featured network monitoring system that provides a wealth of features and device support.
http://mmonit.com/monit/#home – Small utility for managing and monitoring Unix systems.
http://munin-monitoring.org/ – Networked resource monitoring tool.
http://www.naemon.org/ – Network monitoring tool based on the Nagios 4 core with performance enhancements and new features.
http://www.nagios.org/ – Computer system, network and infrastructure monitoring software application.
https://github.com/eleme/node-bell – Real-time anomalies detection for periodic time series, metrics monitor.
http://www.observium.org/ – SNMP monitoring for servers and networking devices. Runs on linux.
http://omdistro.org/ – The Open Monitoring Distribution.
https://phpsysinfo.github.io/phpsysinfo/ – A customizable PHP script that displays information about your system nicely
http://riemann.io/ – Flexible and fast events processor allowing complex events/metrics analysis.
http://sensuapp.org/ – Monitoring framework.
https://getsentry.com/ – Application monitoring, event logging and aggregation.
https://github.com/BotoX/ServerStatus – Display and monitor your servers statistics in a beatiful way.
https://github.com/mojeda/ServerStatus – Server Status website script, displays uptime (days), free RAM, free HDD
http://www.shinken-monitoring.org/ – Another monitoring framework.
http://www.thruk.org/ – Multibackend monitoring web interface with support for Naemon, Nagios, Icinga and Shinken.
http://www.xymon.com/ – Network monitoring inspired by Big Brother.
http://www.zabbix.com/ – Enterprise-class software for monitoring of networks and applications.
http://community.zenoss.org/ – Application, server, and network management platform based on Zope.


### Metric gathering and display software
===========================================================
http://collectd.org/ – System statistic collection daemon.
http://collectl.sourceforge.net/ – High precision system performance metrics collecting tool.
http://dashing.io/ – Ruby gem that allows for rapid statistical dashboard development. An all HTML5 approach allows for big screen displays in data centers or conference rooms.
https://github.com/BrightcoveOS/Diamond – Python based statistic collection daemon.
http://facette.io/ – Time series data visualization and graphing software written in Go.
https://github.com/Freeboard/freeboard – A damn-sexy front-end real-time dashboard. Transforms raw JSON into delicious UI.
http://ganglia.sourceforge.net/ – High performance, scalable RRD based monitoring for grids and/or clusters of servers. Compatible with Graphite using a single collection process.
http://grafana.org/ – A Graphite & InfluxDB Dashboard and Graph Editor.
http://graphite.readthedocs.org/en/latest/ – Scalable graphing server.
http://influxdb.com/ – Distributed time series database with no external dependencies.
https://code.google.com/p/kairosdb/ – Fast distributed scalable time series database, fork of OpenTSDB 1.x.
http://opentsdb.net/ – Store and server massive amounts of time series data without losing granularity.
http://packetbeat.com/ – Captures network traffic and displays it in a custom Kibana dashboard for easy viewing.
http://prometheus.io/ – Service monitoring system and time series database.
http://oss.oetiker.ch/rrdtool/ – Industry standard, high performance data logging and graphing system for time series data.
https://github.com/etsy/statsd/ – Application statistic listener.


### Network configuration management tools
===========================================================
http://www.gestioip.net/ – An automated web based IPv4/IPv6 IP Address Management tool.
https://github.com/ytti/oxidized – A modern take on network device configuration monitoring with web interface and GIT storage.
http://www.shrubbery.net/rancid/ – Monitors network device’s configuration and maintain history of changes.
http://www.rconfig.com/ – Another network device configuration management tool.
https://github.com/trigger/trigger – Robust network automation toolkit written in Python.


### Newsletter software
===========================================================
http://dadamailproject.com/ – Mailing List Manager, written in Perl.
http://www.phplist.com/ – Newsletter manager written in PHP.
https://github.com/averna-syd/LibreMailer – Libre Mailer is a modest and simple web based email marketing application.
https://github.com/bborn/lewsnetter – E-mail marketing application (create and send e-mail newsletter via SES). Includes subscription management, delivery, bounce and complaint notification, templates, and some stats.


### NoSQL databases
===========================================================
Column-Family
http://hbase.apache.org/ – Hadoop database, a distributed, big data store.
http://cassandra.apache.org/ – Distributed DBMS designed to handle large amounts of data across many servers.
http://hypertable.org/ – C++ based BigTable-like DBMS, communicates through Thrift and runs either as stand-alone or on distributed FS such as Hadoop.
Document Store
http://couchdb.apache.org/ – Ease of use, with multi-master replication document-oriented database system.
http://www.elasticsearch.org/ – Java based database, popular with log aggregation, and email archiving projects.
http://www.mongodb.org/ – Another document-oriented database system.
http://ravendb.net/ – Document based database with ACID/Transactional features.
http://www.rethinkdb.com/ – Distributed document store database, focuses on JSON.
Graph
https://github.com/twitter/flockdb – Twitter’s distributed, fault-tolerant graph database.
http://www.neo4j.org/ – Graph database.
Key-Value
https://github.com/google/leveldb – Google’s high performance key/value database.
http://redis.io/ – Networked, in-memory, key-value data store with optional durability.
http://basho.com/riak/ – Another fault-tolerant key-value NoSQL database.


### Packaging
===========================================================
https://github.com/jordansissel/fpm – Versatile multi format package creator.
https://github.com/opscode/omnibus-ruby – Full stack, cross distro packaging software (Ruby).
http://packman.readthedocs.org/ – Full stack, cross distro packaging software (Python).
https://github.com/dgoodwin/tito – Builds RPMs for git-based projects.


### Web-based project management and bug tracking systems
===========================================================
https://www.casebox.org/ – Manage all your organisation’s information in one system.
https://www.chiliproject.org/ – Fork of Redmine.
https://github.com/takezoe/gitbucket Clone of GitHub written in Scala; single jar install.
https://www.gitlab.com/ – Clone of GitHub written in Ruby.
http://gogs.io/ – Self-hosted Git service written in Go.
https://www.openproject.org/ – Project collaboration.
http://phabricator.org/ Written in PHP.
http://www.redmine.org/ – Written in ruby on rails.
https://taiga.io/ – Agile Project Management Tool based on the Kanban and Scrum methods.
http://www.thebuggenie.com/ – Written in PHP.
http://trac.edgewall.org/ – Written in python.


### Queuing
===========================================================
https://activemq.apache.org/ – Java message broker.
http://kr.github.io/beanstalkd/ – A simple, fast work queue.
http://gearman.org/ – Fast multi-language queuing/job processing platform.
http://kafka.apache.org/ – Extremely high performance publish/subscribe message system.
http://nsq.io/ – A realtime distributed messaging platform.
http://www.rabbitmq.com/ – Robust, fully featured, cross distro queuing system.
http://zeromq.org/ – Lightweight queuing system.


### Relational DBMS
===========================================================
http://www.firebirdsql.org/ – True universal database.
http://galeracluster.com/ – Galera Cluster for MySQL is an easy-to-use high-availability solution with high system up-time, no data loss, and scalability for future growth.
https://mariadb.org/ – Community-developed fork of the MySQL.
http://www.percona.com/software – Enhanced, drop-in MySQL replacement.
http://www.postgresql.org/ – Object-relational database management system (ORDBMS).
http://www.postgres-xl.org/ – Scalable PostgreSQL-based database cluster.
http://sqlite.org/ – Library that implements a self-contained, serverless, zero-configuration, transactional SQL DBS.


### Security tools
===========================================================
https://github.com/StackExchange/blackbox – Safely store secrets in Git/Mercurial. Provides tooling to automatically encrypt secrets like passwords.
http://www.bro.org/ – Bro is a powerful framework for network analysis and security monitoring.
http://denyhosts.sourceforge.net/ – Thwart SSH dictionary based attacks and brute force attacks.
http://www.fail2ban.org/wiki/index.php/Main_Page – Scans log files and takes action on IPs that show malicious behavior.
https://www.cipherdyne.org/fwknop/ – Protects ports via Single Packet Authorization in your firewall.
http://glastopf.org/ – A low-interaction web application honeypot to emulate vulnerabilities and gather attack data.
https://github.com/desaster/kippo – A medium-interaction SSH honeypot, mostly used as a standalone SSH daemon with a configurable Filesystem sandbox.
https://www.rfxn.com/projects/linux-malware-detect/ – A malware scanner for Linux designed around the threats faced in shared hosted environments.
http://ossec.net/ – OSSEC is a HIDS that performs log analysis, FIM, rootkit detection, and much more.
https://osquery.io/ – Query your servers status and info using a SQL like interface.
https://www.pfsense.org/ – Firewall and Router FreeBSD distribution.
https://www.snort.org/ – Network intrusion prevention system (NIPS) and network intrusion detection system (NIDS).
https://spamassassin.apache.org/ – A powerful and popular email spam filter employing a variety of detection technique.


### Service Discovery
===========================================================
http://www.consul.io/ – Consul is a tool for service discovery, monitoring and configuration.
https://github.com/ha/doozerd – Doozer is a highly-available, completely consistent store for small amounts of extremely important data.
https://github.com/coreos/etcd – distributed K/V-Store, authenticating via SSL PKI and a REST HTTP Api for shared configuration and service discovery.
http://zookeeper.apache.org/ – ZooKeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services.


### Operating system–level virtualization
===========================================================
http://www.docker.com/ – Platform for developers and sysadmins to build, ship, and run distributed applications.
https://linuxcontainers.org/lxc/ – Userspace interface for the Linux kernel containment features.
http://openvz.org/ – Container-based virtualization for Linux.


### SSH tools
===========================================================
https://pypi.python.org/pypi/advanced-ssh-config/ – Enhances ssh_config file capabilities, completely transparent.
http://www.harding.motd.ca/autossh/ – Automatically respawn ssh session after network interruption.
http://sourceforge.net/projects/clusterssh/ – Controls a number of xterm windows via a single graphical console.
http://www.netfort.gr.jp/~dancer/software/dsh.html.en – Dancer’s shell / distributed shell – Wrapper for executing multiple remote shell commands from one command line.
http://mosh.mit.edu/ – The mobile shell.
http://code.google.com/p/parallel-ssh/ – Provides parallel versions of OpenSSH and related tools.
https://github.com/cloudtools/ssh-cert-authority – A democratic SSH certificate authority.
https://github.com/cloudtools/ssh-ca/ – Allows giving ssh access to servers without putting a users key on the server, as well as expiring access.
http://code.google.com/p/sshpt/ – Execute commands and upload files to many servers simultaneously without using pre-shared keys.
https://github.com/Russell91/sshrc – sources ~/.sshrc on your local computer after logging in remotely.
http://stormssh.readthedocs.org/ – A command line tool to manage SSH connections.


### Anaytics software
===========================================================
http://www.awstats.org/ – Generates web, streaming, ftp or mail server statistics graphically.
http://goaccess.io/ – Real-time web log analyzer and interactive viewer that runs in a terminal.
http://www.openwebanalytics.com/ – Add web analytics to websites using JS, PHP or REST APIs.
http://piwik.org/ – Web analytics application.
http://www.webalizer.org/ – Fast web server log file analysis.


### Status Pages
===========================================================
https://cachethq.io/ – Status page system written in PHP.
http://www.stashboard.org/ – Status page for cloud services and APIs.
http://www.system-status-dashboard.com/ – Overview about an organization’s infrastructure health status.
http://staytus.co/ – Staytus is a complete solution for publishing the latest information about any issues with your web applications, networks or services.


### Web-based ticketing system
===========================================================
http://www.bugzilla.org/ – General-purpose bugtracker and testing tool originally developed and used by the Mozilla project.
http://www.cerberusweb.com/ – Group-based e-mail management project.
http://flyspray.org/ – Web-based bug tracking system written in PHP.
http://www.mantisbt.org/ – Web-based bug tracking system.
http://osticket.com/ – Simple support ticket system.
http://www.otrs.com/ – Trouble ticket system for assigning tickets to incoming queries and tracking further communications.
http://www.bestpractical.com/rt/ – Ticket-tracking system written in Perl.
http://www.thebuggenie.com/ – Ticket system with extensive user rights system.


### Troubleshooting Tools
===========================================================
https://grml.org/ – bootable Debian Live CD with powerful CLI tools.
http://mitmproxy.org/ – A Python tool used for intercepting, viewing and modifying network traffic. Invaluable in troubleshooting certain problems.
http://www.sysdig.org/ – Capture system state and activity from a running Linux instance, then save, filter and analyze.
http://www.wireshark.org/ – The world’s foremost network protocol analyzer.


### Software versioning and revision control
===========================================================
http://www.fossil-scm.org/ – Distributed version control with built-in wiki and bug tracking.
http://git-scm.com/ – Distributed revision control and source code management (SCM) with an emphasis on speed.
http://bazaar.canonical.com/ – Distributed revision control system sponsored by Canonical.
http://mercurial.selenic.com/ – Another distributed revision control.
http://subversion.apache.org/ – Client-server revision control system.


### Virtualization software
===========================================================
http://archipelproject.org/ – XMPP based virtualization management platform.
http://www.convirture.com/products_opensource.php – Provides the core functionality for centrally managing your KVM or Xen virtualized environment.
https://code.google.com/p/ganeti/ – Cluster virtual server management software tool built on top of KVM and Xen.
http://www.linux-kvm.org/ – Linux kernel virtualization infrastructure.
http://opennebula.org/ – Flexible enterprise cloud made simple.
http://www.ovirt.org/ – Manages virtual machines, storage and virtual networks.
http://www.packer.io/ – A tool for creating identical machine images for multiple platforms from a single source configuration.
https://www.proxmox.com/proxmox-ve – Virtualization management solution.
http://www.qemu.org/ – QEMU is a generic machine emulator and virtualizer.
https://www.vagrantup.com/ – Tool for building complete development environments.
https://www.virtualbox.org/ – Virtualization product from Oracle Corporation.
http://www.xenproject.org/ – Virtual machine monitor for 32/64 bit Intel / AMD (IA 64) and PowerPC 970 architectures.


### VPN software
===========================================================
https://community.openvpn.net/ – Uses a custom security protocol that utilizes SSL/TLS for key exchange.
http://pritunl.com/ – OpenVPN based solution. Easy to set up.
https://www.softether.org/ – Multi-protocol software VPN with advanced features
https://github.com/apenwarr/sshuttle – Poor man’s VPN.
http://www.strongswan.org/ – Complete IPsec implementation for Linux.
http://www.tinc-vpn.org/ – Distributed p2p VPN.


### XMPP servers
===========================================================
http://www.ejabberd.im/ – XMPP instant messaging server written in Erlang/OTP.
http://www.lightwitch.org/metronome – Fork of Prosody IM.
https://www.erlang-solutions.com/products/mongooseim.html – Fork of ejabberd – on GithubErlang Introduction.
http://www.igniterealtime.org/projects/openfire/ – Real time collaboration (RTC) server.
http://prosody.im/ – XMPP server written in Lua.
https://projects.tigase.org/projects/tigase-server – XMPP server implementation in Java.


### XMPP Web Clients
===========================================================
http://candy-chat.github.io/candy/ – Multi user XMPP client written in Javascript.
http://getkaiwa.com/ – Web based chat client in the style of common paid alternatives.
http://sdelements.github.io/lets-chat/ – A self hosted chat suite written in Node.


### Web servers
===========================================================
http://httpd.apache.org/ – Most popular web server.
http://cherokee-project.com/ – Lightweight, high-performance web server/reverse proxy.
http://www.lighttpd.net/ – Web server more optimized for speed-critical environments.
http://nginx.org/ – Reverse proxy, load balancer, HTTP cache, and web server.
https://github.com/unbit/uwsgi/ – The uWSGI project aims at developing a full stack for building hosting services.


### Web Performance
===========================================================
http://www.haproxy.org/ – Software based load Balancing, SSL offloading and performance optimization, compression, and general web routing.
https://www.varnish-cache.org/ – HTTP based web application accelerator focusing on optimizing caching and compression.


### Wiki Software
===========================================================
https://www.dokuwiki.org/dokuwiki – Simple to use and highly versatile wiki that doesn’t require a database.
https://github.com/gollum/gollum – A simple, Git-powered wiki with a sweet API and local frontend.
http://ikiwiki.info/ – A wiki compiler.
http://dynalon.github.io/mdwiki/#%21index.md – Wiki completely built in HTML5/Javascript and runs 100% on the client
http://www.mediawiki.org/wiki/MediaWiki – Used to power Wikipedia.
http://moinmo.in/ – An advanced, easy to use and extensible WikiEngine with a large community of users.
https://github.com/minad/olelo – A wiki that stores pages in a Git repository.
http://www.pmwiki.org/ – Wiki-based system for collaborative creation and maintenance of websites.
http://tiddlywiki.com/ – Complete interactive wiki in JavaScript








source: https://www.cybrary.it/0p3n/information-research-content-categorization/